devel/muon: Update to 0.6.0
- Fetch source archive from homepage (formerly the source archive was
fetched from sourcehut)
- Execute pkg-config (formerly libpkgconf was used)
Changelog 0.6.0
===============
- internals / language features
- in script mode: refactor how scope works, all variable resolution
happens at compile time, globals are disallowed.
Improves performance and clarifies scoping rules.
(github pr)[https://github.com/muon-build/muon/pull/241]
- all memory is tracked an managed with an arena allocator.
This should improve memory usage, performance, and developer
ergonomics.
- toolchains
- toolchains are now defined in scripts:
[21 lines not shown]
haproxy: updated to 3.4.2
3.4.2
- BUG/MEDIUM: mux_quic: fix memory leak of rx app_buf on stream free
- BUG/MINOR: hq-interop: fix transcoding of wrapping response buffer
- BUG/MINOR: hq-interop: support transcoding of absolute URI
- BUG/MEDIUM: server: initialise agent.health in srv_settings_init()
- BUG/MINOR: sample: set SMP_F_CONST on srv_name fetch
- BUG/MEDIUM: servers: Use a refcount for port_range and free it properly
- MINOR: hbuf: new lightweight hbuf API
- BUG/MINOR: init: fix default global settings being overwritten by -G
- BUG/MINOR: tools: fix invalid character detection in strl2ic()
- BUG/MAJOR: htx: Don't swap buffers for empty HTX message with an error
- BUG/MINOR: mux-quic: Fix handling EOM after in qcs_http_rcv_buf()
- BUG/MINOR: http-htx: Don't by-pass HTX API when merging cookie values
opentofu: updated to 1.12.3
1.12.3
BUG FIXES:
Properly handle TF_ENCRYPTION with only blank spaces.
The value resulted from the lifecycle.enabled evaluation now has its deprecation marks processed correctly
Update documentation to clarify the usage restriction of ephemeral values in lifecycle.enabled.
tofu console -lock=false now works as intended.
SECURITY ADVISORIES:
Previous releases in the v1.12 series could read an arbitrary file during certain git operations via a maliciously crafted URL
Advisory: GHSA-q7j3-v8qv-22vq
py-treq: updated to 26.7.0
26.7.0 (2026-07-01)
Features
- Document support for Python 3.14.
- PyPy 3.11 is now supported, and PyPy 3.9 and 3.10, which are no longer well-supported by the ecosystem, have been dropped.
Bugfixes
- treq no longer vendors the ``multipart`` library, now that it no longer has import conflicts with ``python-multipart``.
- Fix building documentation with Sphinx 9.1.0.
Deprecations and Removals
- treq no longer depends on `requests`. Consequently, the ``cookies()`` method no longer returns a `requests.cookies.RequestsCookieJar <https://requests.readthedocs.io/en/latest/api/#requests.cookies.RequestsCookieJar>`_. Instead, it returns `treq.cookies.IndexableCookieJar`, which implements ``__getitem__`` as a compatibility shim. We have *not* attempted to maintain full dict-interface compatibility with ``RequestsCookieJar``, as many of its interface extensions are difficult to use securely because they obscure the relationship between cookies and domains. treq interfaces still accept a ``request.cookies.RequestsCookieJar`` as the *cookies* parameter, like any `http.cookiejar.CookieJar` subclass.
- Support for Python 3.8, which has reached end of support, has been dropped.
py-zope.testing: updated to 6.2
6.2 (2026-07-03)
- Add support for Python 3.15.
- Deprecate ``zope.testing.doctestcase`` in favour of plain ``doctest``
(e.g. ``doctest.DocTestSuite`` or ``doctest.DocFileSuite``).
- Move package metadata from setup.py to pyproject.toml.
libjwt: updated to 3.6.1
LibJWT 3.6.1 is a small test-portability patch release.
The in-process HTTP server used by the cached-JWKS test cast write() to (void) to ignore its result. glibc marks write() warn_unused_result, and the (void) cast does not suppress that warning on newer glibc, so the -Werror test build failed. The result is now asserted with ck_assert_int_gt(write(...), 0).
This is ABI-compatible with 3.6.0: no library source changed, so the exported symbol set is identical and per the libtool rules only the SONAME revision advances (18:0:4 → 18:1:4). The SONAME stays libjwt.so.14 and existing binaries keep working.
gnupg2: updated to 2.5.21
Noteworthy changes in version 2.5.21 (2026-07-02)
* New and extended features:
- gpg, gpgsm: Use partial file on decryption, remove on failure.
Disable with "--compatibility-flags=no-partial-file-guard".
- gpg: Use the INT_RCP_FPR subpacket in revocation signatures.
- Create a pkgversioninfo.txt file when building using the speedo
build system.
* Bug fixes:
- gpg: Fix potential use-after-free in batch key generation when
handling the keyserver URL option.
[18 lines not shown]
graphics/tiff: Update to 4.7.2
Upstream NEWS:
micro release
a very large number of bugfixes, including integer overflows
* Add TIFFGetMaxCompressionRatio() and use it in _TIFFReadEncoded[Tile|Strip)AndAllocBuffer()
(:issue:`781`)
py-guessit: updated to 4.0.2
4.0.2 (2026-06-29)
Bug Fixes
- **title**: Keep languages instead of a language-only title
v4.0.1 (2026-06-29)
Bug Fixes
- **changelog**: Trim noise commit types from the changelog and PyPI page
- **packaging**: Balance changelog code fences in the PyPI long description
py-rebulk: updated to 6.0.1
6.0.1
Performance Improvements
Cache getfullargspec on the hot matching path
6.0.0
Bug Fixes
key: Skip private matches in declared-key value_type check
Documentation
Show declaring functional properties for check_keys
[7 lines not shown]